Decrypt Files Encrypted by Chimera Ransomware - How to, Technology and PC Security Forum |

Decrypt Files Encrypted by Chimera Ransomware

chimera-ransomware-sensorstechforum-decryption-mainA ransomware infection, named by the mythical beast Chimera was spotted by ESG malware researchers to encrypt vital documents, pictures, videos, audio files and other of the computers it infects. The Chimera virus also deletes the backup of those files and asks it’s victims to pay the ransom fee for the files. The payoff amount asked by the Chimera is reported to be around 1 BTC , and the virus also threatens users to publicly publish pictures and videos of the user online. Fortunately, a decryptor has been released for Chimera ransomware by Kaspersky researchers that may decrypt your files. To learn how to work with the decrypter and hopefully, restore your files to a working state.

Chimera Ransomware – Background

This particular string of ransomware code used to infect victims back in 2015 with massive spam campaigns especially via e-mail. The spam messages were reported to possibly have the following types of files as e-mail attachments:

→ .docx, .jpg, .bat, .cmd, .exe, .pdf, .vdi, .txt

Not only this but the attachments may contain legitimate files uploaded along with them all packed together in a .ZIP or .RAR archive to make the process seem legitimate. After opening the malicious files, the ransomware immediately started file encryption.

After encryption, the Chimera ransomware left the following ransom note on infected computers to notify the user that he or she must pay the ransom:


Users were left with no option but to pay the ransom money or wait until a decryptor is released. Thankfully now, there has been an actual release of a decryptor, by Kaspersky researchers who have updated their Rakhni Decrypter to decode files encrypted by Chimera ransomware.

Chimera Ransomware – Removal and Decryption Tutorial

To best give you the instructions, we have decided not to limit you solely to the decryption of this virus. In case your computer is infected with Chimera, you should remove it before decrypting your files. This is why we have separated the process into two phasesremoval and decryption. In case you have already removed the virus, you can skip to step two and go directly for the decryption instructions:

Phase 1 – Removal

To remove Chimera ransomware, please follow the below-mentioned removal instructions. In case you are having difficulties In manually removing Chimera, please use the Automatic Removal Instructions.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share